Nearly 79 percent of Indian firms do not have a computer security incident response plan (CSIRP) in place that is applied consistently across operations, a new IBM-Ponemon Institute study said on Thursday.
In the past two years, 51 percent of Indian organisations surveyed experienced a data breach and 56 percent experienced a cybersecurity incident, revealed the study conducted by US-based Ponemon Institute on behalf of IBM Security. Of the organisations that do have a CSIRP in place, 57 percent do not test plans regularly or at all. Only 23 percent reported using automation significantly in their organisation, the findings showed.
“In India, Incident Response (IR) strategy is at a nascent stage and organisations are beginning to conceive this as an integral part of risk mitigation and resilience plan,” said Vaidyanathan Iyer, Security Software Leader, IBM India/South Asia.
“Considering the lack of a well-developed and tested IR in an organisation’s cyber resiliency strategy, enterprises need to evaluate and implement the right tools at the earliest,” Iyer added.
The IBM-Ponemon study found that globally, 77 percent of respondents indicated they do not have a cybersecurity incident response plan applied consistently across the enterprise.
Studies show that companies who respond quickly and efficiently to contain a cyber attack within 30 days save over $1 million on the total cost of a data breach on average.
“Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident. These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes, and technologies to sustain such a programme,” expressed Ted Julian, Vice President of Product Management and Co-Founder, IBM Resilient.
Only 30 percent of the respondents reported that staffing for cybersecurity is sufficient to achieve a high level of cyber resilience while 62 percent indicated that aligning privacy and cybersecurity roles is essential to achieving cyber resilience within their organisations.
